How to Protect Your Brand from a Twitter Hacking

After the Burger King and Jeep Twitter accounts were hacked earlier this year, we heard a lot of talk about big brands abandoning the platform. You can put that notion to rest right now. With more than 200 million active users and a dizzying array of brand building tools, Twitter is an essential element of smart communications strategy. It personalizes customer services, bypasses the traditional media filter and wields significant influence on the conversations that matter to brands.

Twitter’s vast popularity makes it a huge target for hackers. But the potential for mischief is a risk well worth taking. The relative ease with which Burger King and Jeep handled their hacks is another reason brands won’t flee. Both companies quickly contacted Twitter, suspended their accounts and pulled down the hackers’ false messages.

When they were up and running again both companies cleared up any lingering confusion with simple statements explaining the hacking and correcting the misinformation. Before long, both Burger King and Jeep reclaimed their brand identities.

Jeep’s tweet to Burger King inviting it to “grab a burger and swap stories” put an end to the episode with the good humor that defines smart social media strategy.

Burger King’s tweet welcoming the additional 34,000 followers it garnered as a direct result of the hacking was similarly well played. In the end, both companies ended up with a stronger foothold in the social media space than they occupied before.

While Twitter hacking is an acceptable risk for most brands, it is also one that needs to be mitigated with strategies that enhance security and increase preparedness. With potential upticks in both the frequency and severity of future hacks on the horizon, every brand needs to operate as if it is next on hackers’ hit lists.

Social Security

On the security front, four best practices have emerged as key tactics for reducing the points of vulnerability that hackers exploit. Each represents an increasing level of protection and all deserve the consideration of any brand seeking to neutralize the threat.

1. Diverse passwords Too many organizations use the same passwords to access and manage all of their social media properties. Instead, organizations should diversify their passwords by creating uniformed segments within the password specific to the company, the user and the platform.

2. Strategic access Limit access to social media passwords to only those in the organization who need them to do their jobs. The fewer people that are aware of the password, the fewer opportunities there are for it to fall into malicious hands.

3. Factor authentication For the more cautious brands factor authentication represents the most intense level of password security available. When seeking access to social media properties account managers enter login information and then are sent a random password to an email address or mobile device. They then enter that password for total access.

4. Testing If fear morphs into outright paranoia, organizations can hire outside experts to test their security much like they would probe IT infrastructure for vulnerabilities. These experts essentially act as would-be hackers seeking to exploit the any holes in the organization’s system.

First Responders

Even state-of-the-art security measures aren’t enough to provide total protection. As such, Twitter hacking needs be addressed in every organizational social media crisis plan. The plan should emphasize the following strategic imperatives:

1. Contact Twitter to pull the page down. The moment a hack is detected, suspend the account until passwords can be reset and security can be reestablished.

2. Ensure no other social media properties have been compromised. As alluded to above, a hack one social media property increases the probability that another will be compromised. In the hours following a hack, monitoring efforts need to be intensified to ensure that organization understands the full scope of the problem.

3. Change all passwords. Don’t assume the YouTube channel or Facebook profile is safe because the hack was limited to Twitter. Change the passwords on every social property.

4. Address and the hacking and correct misinformation. As soon as possible, the organization should articulate the fact that it suffered a social media hack and correct any misinformation that has permeated the social media space.

5. Don’t let the hacking be the story. Once the account is secure and the record is corrected, don’t hesitate to get back to branding again. Here, the Jeep and Burger King examples provide ideal response templates. Their playful tweets following the hacks effectively communicated that the ordeal was over, even as they reminded followers of what their brands are all about. Remember, the sooner an organization moves on from the hacking, the sooner its followers will as well.

Peter LaMotte is a senior VP at LEVICK and Chair of the company’s Digital Practice. Follow him on Twitter: @PeterLaMotte.

In this 5th volume of PR News’ Book of Employee Communications, our authors cover more than 45 articles on crisis communications, social media policies, human resources collaboration, brand evangelism and more.

Hi Peter, great article! We were hacked and after 27 attempts to contact anyone who cared at Twitter, we gave up and started over. Can you share the contact info that Jeep and Burger KIng used to get action from Twitter? Thanks!